CIS Linux – Micah Webner

Generating SSH Keys

Posted Saturday, April 9, 2016

(Updated January 2023)

SSH authentication keys are a way to provide authentication without sending a password to the server. Instead, you use a passphrase to unlock a private key on your computer, and this is matched with a public key placed on the server. (Yes, literally public. I've posted my public key on this website for anyone to see.)

Regardless of your platform or tools used, you should create an ED25519 key, and use either your username or email address as the key comment. Treat your private key file like a password, because that's what it is, except that it can be much more powerful and is a lot more difficult to change than a password.

Basic Web Projects with Git and Visual Studio Code

Added May 2021. This new video covers the following topics:

  • Install Git on Windows.
  • Create ssh keys for authentication.
  • Load ssh agent in git bash.
  • Create and clone a new project.
  • Make changes and push to remote repository.

Generating keys

This is covered in detail in the video, but here are some screenshots that show the details and commands for generating ssh keys.

To generate a new key:

 ssh-keygen -o -a 100 -t ed25519 -C 'micah_220112'

To view the contents of your key for copying:

 cat ~/.ssh/id_ed25519.pub
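
As an added example (not part of the original post), this shell function checks a key pair against the advice above: an ED25519 key, a comment that identifies the owner, and a private key that only you can read. The names check_ssh_key and owner_only are hypothetical, and the mode check assumes a filesystem with POSIX permissions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: check_ssh_key ~/.ssh/id_ed25519
# Returns 0 = no findings, 1 = findings (count left in $problems), 2 = files missing.

# Succeeds when group and others have no access to the path.
# Characters 5-10 of the `ls -l` mode string are the group and other bits.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

check_ssh_key() {
    key=$1
    pub=$key.pub
    dir=$(dirname "$key")
    problems=0

    if [ ! -f "$key" ] || [ ! -f "$pub" ]; then
        echo "MISSING: expected $key and $pub"
        return 2
    fi

    # A public key line is "<type> <base64 blob> <comment>".
    read -r ktype blob comment < "$pub" || true

    if [ "$ktype" != "ssh-ed25519" ]; then
        echo "TYPE: $pub is '$ktype', not the ssh-ed25519 this post recommends"
        problems=$((problems + 1))
    fi
    if [ -z "$comment" ]; then
        echo "COMMENT: $pub has no username or email address as its comment"
        problems=$((problems + 1))
    fi
    if ! owner_only "$key"; then
        echo "EXPOSED: $key is accessible to group or others (chmod 600)"
        problems=$((problems + 1))
    fi
    if ! owner_only "$dir"; then
        echo "EXPOSED: $dir is accessible to group or others (chmod 700)"
        problems=$((problems + 1))
    fi

    if [ "$problems" -eq 0 ]; then echo "OK: $key"; return 0; fi
    return 1
}
```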

Windows and Linux

If you are on Windows or Linux, create your .bashrc file (or append to it) so that it contains the following commands:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

Exit your bash session and reopen. You should be prompted for the passphrase to your private key.

MacOS

The following steps will set up MacOS to use your private key automatically.

Store passphrase in the Keychain

In the latest version of MacOS (12.0 Monterey), just do this once:

ssh-add --apple-use-keychain ~/.ssh/id_ed25519

Or in versions of MacOS older than 12.0 Monterey, use:

ssh-add -K ~/.ssh/id_ed25519

Enter your key passphrase, and you won't be asked for it again.

Configure SSH-agent to always use MacOS Keychain

Create a file .ssh/config (under your home directory) to contain the following settings:

Host *
    AddKeysToAgent yes
    UseKeychain yes
    IdentityFile ~/.ssh/id_ed25519

Once you've done this, MacOS should take care of starting the agent, and will allow you to store the key's passphrase in Keychain so you won't have to type it in the future.

Linux

Setup on Linux is only slightly more difficult. Create keys using ssh-keygen as described above, but then you must start ssh-agent and add your keys to it before you can use them. Methods vary, so search Google for instructions.

Ubuntu for Windows

If you use Ubuntu for Windows, creating keys is the same as for MacOS and Linux. You can install the Debian keychain package to get the ssh agent running, as described in this post.

Testing your setup

Use ssh-copy-id to copy your public key to the HFC cislinux server.

ssh-copy-id yourname@cislinux.hfcc.edu

After a successful copy, test the connection. The server should not prompt you for a password, because your private key (running in the agent) is your password now.

ssh yourname@cislinux.hfcc.edu

Using Git

For more information about using git for software products, and for some important git settings, please see Getting Started with Git.